Plesk 11.x / Linux :: Firewall Might Disable Itself After Updating To 11.5
Nov 26, 2013
I already posted this as a bug report and now wanted to inform other users.
Starting with Plesk 11.5, the file "/opt/psa/var/modules/firewall/firewall-emergency.sh" contains the following line:
Code:
rm -f /opt/psa/var/modules/firewall/active.flag
That line stems from updating
Code:
Preparing to replace psa-firewall 11.0.9-debian6.0.build110120608.16 (using .../psa-firewall_11.5.30-debian6.0.build115130819.13_amd64.deb) ...
Unpacking replacement psa-firewall ...
Now, when you stop the firewall, you cannot start it again, cause deleting the active.flag disables the firewall:
Code:
# ll /opt/psa/var/modules/firewall/active.flag
-rw-r--r-- 1 root root 0 2013-11-26 09:22 /opt/psa/var/modules/firewall/active.flag
# /etc/init.d/psa-firewall stop
psa-firewall: firewall successfully disabled
# ll /opt/psa/var/modules/firewall/active.flag
ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start
psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code:
sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.
View 14 Replies
ADVERTISEMENT
Jul 8, 2014
I am unable to disable or modify the firewall by using the plesk firewall extention. Plesk throw the two errors below:
Code:
Error: Could not disable firewall:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/register_service
Code:
Error: Could not activate firewall configuration:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/safeact
I checked the symlinks, they point to the same location: /opt/psa/admin/bin/modules/firewall/mod_wrapper
-r-s--x--- 1 root root 18896 Jun 6 10:37 mod_wrapper
View 2 Replies
View Related
Mar 18, 2015
I renewed an SSL cert for one of my servers. After several hours, then days I noticed that the date had not updated to show the new expiration date.
When I do an ssl check through [URL] it shows the following when scanning https://webhost1.teksavvy.com:8443:
Valid from: 2014-Apr-11 00:00:00 GMT
Valid to: 2015-Apr-11 23:59:59 GMT
When scanning https://webhost1.teksavvy.com it shows:
[Code]....
View 6 Replies
View Related
May 14, 2015
We have change IP from NS server in Plesk.Why can we force refresh named.conf (for all domains) ? Informations stay with old IP.We can force one domain when we change an information in the DNS and we validate. But Hown can we change all domains?
Example:
Old
> NS server1.com (x.x.x.1)
New
> NS server1.com (x.x.x.2)
[code]....
View 3 Replies
View Related
Apr 30, 2015
My server admin already upgraded my OpenSSL to version 1.0.1m 19 Mar 2015 and he also upgraded Nginx to 1.6. I'm also running CentOS v5.11 and Plesk v11.5.
However, he tells me that he still can't get TLS 1.2 to work because he noticed that my server uses a different version of Nginx (sw-nginx), which he believes is part of Plesk. How we can get TLS 1.2 working on the Plesk copy of Nginx (sw-nginx)?
View 1 Replies
View Related
Feb 10, 2015
I am running
OS Ubuntu 14.04.1 LTS
Plesk version 12.0.18 Update #34, last updated at Feb 10, 2015 01:52 AM
I have created a few websites using plesk and i have the dns acting as the primary . This server acts as a primary nameserver for the DNS zone mywebsite.co.uk
When i add a txt record the dns is updated but it never resolves so my DKIM and SPF records are never found. I have checked my syntax for the records and all are fine. My domains are hosted by stratoservers. Is it there fault or mine. Should i change providers so i have more access to the domains dns or should plesk be doing that for me...
View 2 Replies
View Related
Jun 17, 2014
My license is updated every month, however it is not automatic, i have to go to Tools & settings > license management and click on "Retrieve Keys" every month.
Iguess there should a cron job that should do this for me every month in Centos.
What this cron job should be ?
View 2 Replies
View Related
Mar 25, 2014
When I first installed Plesk on my VPS I had a diskspace of 100GB.
After that I upgraded my VOS I had a diskspace with 150GB of storage.
When I read my statistics, plesk only recognizes 100GB in stead of 150.
How could I update these statistics?
View 6 Replies
View Related
Dec 5, 2014
How to update out of date components included in VPS? For instance...
rkhunter is at v1.3.4 whereas the current version is 1.4.2. Why both about updating? Well, in part to reduce the number of false-positive warnings and in part to gain more current protection.
A yum update isn't possible as 1.4.x has moved on quite significantly from 1.3.x and while downloading and installing rkhunter isn't terrible difficult, trying to get it to update the 1.3.4 version included with VPS seems somewhat more difficult...
SpamAssassin is at v3.3.1-3 whereas 3.4.0 is the current release version and 3.3.2 is no longer supported, meaning 3.3.1 is definately way out of support. Why bother? Better spam detection and blocking
When VPS will update to something nearer current versions of both of these components?
View 1 Replies
View Related
Aug 21, 2014
I'd like to upgrade my server from Ubuntu 12.04 to Ubuntu 14.04. The idea is to migrate my actual server (S1) to another one (S2). Then, format and install ubuntu 14.04 with Plesk on S1, and finally migrate the data from S2 to S1. Is it a good solution? Is it possible to do this using only one server? I don't know if I can do it making a backup, install Ubuntu 14.04 and then, restore the data into the server.
However, I have a problem with the migration agent. When I go the migration page, the migration agent tries to update itself and it keep at 0% forever (I attach an screenshot).
View 2 Replies
View Related
Jul 9, 2014
The IP addresses assigned to our servers have changed so it's time to update the default SPF information contained in the DNS records for ALL of the domains hosted on our servers:
OLD
Code:
v=spf1 +ip4:173.236.23.185 +ip4:173.236.23.188/30 +a +mx -all
NEW
Code:
v=spf1 +ip4:69.160.255.188/30 +ip4:69.160.255.192 +a +mx -all
However, when we update the resource record in the DNS template and then "Apply the changes to all zones...",
Panel will apply changes from the template to all DNS zones including the customized ones. Note that user-modified records always remain intact. For example, if the template contains a new record that was already added by a customer, Panel will keep the customer's record.Click to expand...
View 1 Replies
View Related
Jan 21, 2015
I found out a easy way to update the Database name of a WP installation through phpmyadmin panel, However I can't seem to update or refresh the Parallels WP Settings with correct information. Is this a bug?
This is how to reproduce:
From phpMyAdmin select the database you want to select, in the tabs there's one called Operations, Go to the rename section.
Update the user privileges to the new Database name and remove the old privileges (save)
Then manually update the wp-config file which contains the 'Database name' (save)
Then goto Parallels Plesk > Websites & Domains> WordPress Installations > Change Settings
Here you should notice the Change Settings for the WordPress Installation still contains the old Database name.
Is there any way of updating this?
View 12 Replies
View Related
May 16, 2007
I enabled the firewall in the virtuozzo power panel and now I can't access WHM/CPanel.
How do I disable the firewall in VZPP?
View 9 Replies
View Related
Aug 5, 2014
Nginx is listening on port 7080 with ipv6 protocol only.ipv6 isn't use on the server (ipv4 only).If I disable ipv6 support on the server, is this stopping nginx to use ipv6 ? (and some other process)How can I disable IPv6 on Plesk 12 ?
View 3 Replies
View Related
Jan 30, 2015
I have several clients still using WinXP. How do I disable SNI for SSL certificates ( and just use old IP way )?
View 18 Replies
View Related
Sep 2, 2014
I setup and enable fail2ban by Plesk 12 (tools and settings). What happens is, few days after i am unable to access this option again. I got time out
I've tried to disable by ssh "fail2ban-client stop" and nothing... the command become loading and never conclude,
how to remove or stop fail2ban ?
View 6 Replies
View Related
Jul 8, 2015
I have 2 server with CENTOS 7 and PLESK 12. In 1 server yum repository atomic is enabled, in the other is disabled. It should be enabled?
View 12 Replies
View Related
Nov 30, 2014
I would like my clients only to be able to access Plesk Panels from a certain domain, instead all from or with all the domains hosted on our server, is there a way to accomplish that?
View 1 Replies
View Related
Oct 1, 2014
I recently upgraded phones and forgot that my google authenticator keys were on my old phone. I am now unable to log in to the Plesk admin panel. I of course still have SSH access. How can I disable the Google Authenticator so I can regain access?
View 6 Replies
View Related
Jul 27, 2014
The premium antivirus when enabled it automatically sends notifications to both sender and server admin. I wish to disable the the notification to the sender and also only send a summary email weekly to the admin.
View 3 Replies
View Related
May 19, 2015
I'm just wondering whether it is possible to only offer POP and disable IMAP for a particular service plan?
View 2 Replies
View Related
Jul 14, 2014
Is it possible disable or uninstall 'WordPress Toolkit' for Plesk 12.x?
View 2 Replies
View Related
Sep 27, 2014
I need to disable apache access logs. I commented out the access log path in /etc/httpd/conf/httpd.conf and restarted the server but it's still logging access.
View 3 Replies
View Related
Feb 8, 2015
Is it possible to disable to root login to the panel? I do not mean the SSH login.
View 4 Replies
View Related
Feb 24, 2015
Is it possible to control if nginx is active on a per domain basis? If so, how do we configure this. If not, how do we disable nginx completely?
View 3 Replies
View Related
Dec 9, 2014
Sometimes my clients install untrusted scripts to their account what causes spamming, because these scripts sending high number of spam emails. Is there an automatically way to disable php mail function, or disable the account temporary?
[URL]
View 3 Replies
View Related
Jul 17, 2014
is there any way to disable automatic updates completely ? Because the lowest option in the panel is:
"Notify me about available updates but do not automatically install them" (Critical security updates will still be installed automatically.)
And while I can't figure out, which files are going to be updated even on this minmalistic setting, I have to disable it completely.
View 1 Replies
View Related
Jan 23, 2015
I have migrated User from Confixx 3.3.9 to Plesk and now it works fine.
In the Subscriptions i have disable the Feature Backup for the Costumers, but it dosent take an effect.
So i Turn it on and off again. But there was also no effect.
View 1 Replies
View Related
Mar 4, 2015
We run a high traffic server and the access logs get filled up very quick. I know we could implement rotation, but I would also like to prevent performance loss by having an access log, doesnt matter how marginal that would be.
View 6 Replies
View Related
Dec 13, 2014
I am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Preferred syntax with Postfix = 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
This actually goes further than disabling SSLv2 and v3 and also excludes the use of NULL and MD5 ciphers.
The Postfix conf file, main.cf exists in two places on my VPS:
# find / -name main.cf
/usr/libexec/postfix/main.cf
/etc/postfix/main.cf
Examining both only the copy in /etc/postfix/ is configured and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config as of the two, it’s the only one actually configured. Hence I add the required commands to the config:
...
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
[Code] ....
I then go to the Plesk Tools & Settings > Services Management and restart:
SMTP Server (Postfix)
And for good measure:
Plesk milter (Postfix)
I then test whether SSLv2 is enabled:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
Now what I should get back is an error as the attempt to connect with SSLv2 should fail as it's an excluded protocol, but instead what I get back is the Plesk cert and a connection:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify error:num=18:self signed certificate
...
Why? What do I need to do to have Postfix use the updated config and refuse an SSL2 connection?
I seem to have the same issue with Courier having made similar changes to the /etc/courier-imap/pop3d-ssl file:
# Iain 2014-12-12
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_CIPHER_LIST="TLSv1:HIGH:MEDIUM:!LOW:!EXP:!NULL:!aNULL@STRENGTH"
And /etc/courier-imap/imapd-ssl file:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1
actually, this should probably read:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1, TLS1.1, TLD1.2
Why am I unable to disable SSL v2 and v3 for SMTP/POP3/IMAP with Postfix and Courier?
View 15 Replies
View Related
